Phase 1 – Pre-Closure Assessment & Planning
Goal: Confirm business need, identify cost and compliance impact before touching resources.
1. Inventory & Cost Review
- Generate a complete cross-region inventory with:
- AWS Resource Explorer
aws resourcegroupstaggingapi get-resources- AWS Config and Trusted Advisor
- Review Cost Explorer → Last 3 months for anomalies.
- List active Reserved Instances (RIs), Savings Plans, and Marketplace subscriptions.
- Note any active Direct Connect, Dedicated Hosts, or Elastic IPs (common hidden cost centers).
2. Stakeholder & Compliance Approval
- Confirm with application, finance, and compliance owners that the account can be retired.
- Document decision in your Org change log / Confluence / ticket.
- Capture last backup requirement or legal retention if any.
Phase 2 – Resource Cleanup (Recommended for Zero Residual Cost)
While AWS allows closure without cleanup, costs persist until resources are deleted or RIs expire.
Clean up to prevent hidden post-closure billing.
🔹 Critical Items
| Category | Action |
|---|---|
| AWS Marketplace | Cancel every subscription in [Marketplace → Manage Subscriptions]. Terminate instances that used marketplace AMIs. |
| Reserved Instances & Savings Plans | These continue billing until expiry. Attempt transfer to another Org account via Support. |
| Data Backups | Export or snapshot any S3, RDS, EBS, ECR data you need. Then delete storage to stop meter accrual. |
| Direct Connect & Dedicated Resources | Explicitly delete DX connections, private virtual interfaces, and dedicated hosts to stop port-hour charges. |
| Other Persistent Costs | Release Elastic IPs, delete NAT Gateways (≈ $0.045/hr + data), and disable CloudWatch Logs retention if unneeded. |
Phase 3 – Account Closure Execution
You, as the Management Account Admin, can close member accounts in two AWS-supported ways:
Option 1 – Console
- Sign in as Management Account → AWS Organizations
- Choose the target member account
- Click Close account → Confirm
Option 2 – CLI (CloudShell)
aws organizations close-account --account-id <member-account-id>
Code language: HTML, XML (xml)AWS automatically:
- Revokes IAM access for that member
- Marks it CLOSED in Organizations
- Freezes new resource creation
Phase 4 – Post-Closure Monitoring
Billing
- You remain liable for all usage until the closure timestamp.
- Final bill arrives the following month.
- RIs/SPs continue billing until expiry.
- Account remains visible as “CLOSED” for 90 days.
Recovery
- Within 90 days → Contact AWS Support → Reopen.
- After 90 days → Permanent deletion (no recovery).
Phase 5 – Organization-Level Governance & Prevention
| Control | Purpose |
|---|---|
| Service Control Policies (SCPs) | Block creation of cost-bearing resources in deprecated accounts or regions. |
| Budgets & Cost Anomaly Detection | Catch stray spend early. |
| AWS Config & CloudTrail (Org scope) | Track configuration and deletion compliance. |
| Automated Cleanup Scripts | Implement Lambda or Step Functions that auto-delete idle EBS, S3, EIPs. |
| Lifecycle OU Structure | Maintain “Active”, “Sandbox”, and “Decommissioned” OUs for clear separation. |
Recommended Timeline
| Week | Tasks |
|---|---|
| Immediate | Audit account, identify Marketplace subs & DirectConnect links. |
| Week 1 | Back up critical data, cancel Marketplace subs. |
| Week 2 | Delete resources / release IPs / terminate NAT Gateways. |
| Week 3 | Verify zero usage → Close account via Organizations. |
| Month After | Review final bill & ensure no unexpected charges. |
Common Hidden Costs to Double-Check
✅ NAT Gateways
✅ Elastic IPs (allocated but unused)
✅ CloudWatch Logs retention
✅ EBS Snapshots
✅ Direct Connect ports
✅ Active Savings Plans / RIs
✅ Marketplace licensing
✅ PrivateLink endpoints
Official AWS References
- Close an AWS Account – AWS Account Management Docs
- Closing a Member Account in AWS Organizations
- Streamlining AWS Organizations Cleanup Strategies – AWS Cloud Ops Blog
- AWS re:Post – Decommissioning an Organization Account
Final Action Plan (Summary)
- Audit & Backup → Inventory, cancel Marketplace subs, note RIs/SPs.
- Clean Up Resources → Terminate compute, delete storage, remove DX links.
- Verify Zero Spend → Check Cost Explorer & Budgets.
- Close Account via Organizations (console or CLI).
- Monitor Final Bill & ensure RIs/SPs handled.
- Apply Org-level SCPs & budgets to avoid future waste.
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals
Really appreciated this rundown — AWS account cleanup is one of those things that’s easy to skip, but you explained it in a super clear, no-stress way. The step-by-step flow made everything feel much more doable. Great guide.